We've enabled ATS restrictions in our app, and everything works fine, except sometimes, randomly, the CDN download resource fails.
In most cases, it happens to users who on iOS 14.* and WiFI (VPN helps solve the problem :thinking_face:)
Logs:
(ExampleClientErrorLogServlet) :: Client error: {"arguments":["test_resource","Caught Error Domain%3DNSURLErrorDomain Code%3D-1200 \"An SSL error has occurred and a secure connection to the server cannot be made.\" UserInfo%3D{NSErrorFailingURLStringKey%3Dhttps://my-url/reource.bin, NSLocalizedRecoverySuggestion%3DWould you like to connect to the server anyway?, _kCFStreamErrorDomainKey%3D3, _NSURLErrorFailingURLSessionTaskErrorKey%3DLocalDownloadTask <A50DCF0E-38F3-4454-A78A-B4552336561E>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey%3D(\n \"LocalDownloadTask <A50DCF0E-38F3-4454-A78A-B4552336561E>.<1>\"\n), NSLocalizedDescription%3DAn SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey%3Dhttps://my-url/reource.bin, NSUnderlyingError%3D0x2882e1050 {Error Domain%3DkCFErrorDomainCFNetwork Code%3D-1200 \"(null)\" UserInfo%3D{_kCFStreamPropertySSLClientCertificateState%3D0, _kCFNetworkCFStreamSSLErrorOriginalValue%3D-9816, _kCFStreamErrorDomainKey%3D3, _kCFStreamErrorCodeKey%3D-9816, _NSURLErrorNWPathKey%3Dsatisfied (Path is satisfied), viable, interface: en0, ipv4, dns}}, _kCFStreamErrorCodeKey%3D-9816}"],"format":"Downloading {} file failed: {}","platform":"ios","version":"2.87.1"}
26.07.2022 01:39:55 [DEBUG][9] :: platform: ios, version: 2.87.1. Downloading test_resource file failed: Caught Error Domain%3DNSURLErrorDomain Code%3D-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo%3D{NSErrorFailingURLStringKey%3Dhttps://my-url/reource.bin, NSLocalizedRecoverySuggestion%3DWould you like to connect to the server anyway?, _kCFStreamErrorDomainKey%3D3, _NSURLErrorFailingURLSessionTaskErrorKey%3DLocalDownloadTask <A50DCF0E-38F3-4454-A78A-B4552336561E>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey%3D(
), NSLocalizedDescription%3DAn SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey%3Dhttps://my-url/reource.bin, NSUnderlyingError%3D0x2882e1050 {Error Domain%3DkCFErrorDomainCFNetwork Code%3D-1200 "(null)" UserInfo%3D{_kCFStreamPropertySSLClientCertificateState%3D0, _kCFNetworkCFStreamSSLErrorOriginalValue%3D-9816, _kCFStreamErrorDomainKey%3D3, _kCFStreamErrorCodeKey%3D-9816, _NSURLErrorNWPathKey%3Dsatisfied (Path is satisfied), viable, interface: en0, ipv4, dns}}, _kCFStreamErrorCodeKey%3D-9816}
_kCFNetworkCFStreamSSLErrorOriginalValue=-9816
_kCFStreamErrorDomainKey=3
_kCFStreamErrorCodeKey=-9816
We've tried nscurl --ats-diagnostics on the URL:
Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https:/url-path.
A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error.
==============================================================
Default ATS Secure Connection
---
ATS Default Connection
ATS Dictionary:
{}
Result : PASS
---
==============================================================
Allowing Arbitrary Loads
---
Allow All Loads
ATS Dictionary:
{
NSAllowsArbitraryLoads = true;
}
Result : PASS
---
================================================================================
Configuring TLS exceptions for url
---
TLSv1.3
ATS Dictionary:
{
NSExceptionDomains = {
"url" = {
NSExceptionMinimumTLSVersion = "TLSv1.3";
};
};
}
Result : FAIL
Error : Error Domain=NSURLErrorDomain Code=-1200 "An SSL error has occurred and a secure connection to the server cannot be made." UserInfo={NSErrorFailingURLStringKey=url, NSLocalizedRecoverySuggestion=Would you like to connect to the server anyway?, _kCFStreamErrorDomainKey=3, _NSURLErrorFailingURLSessionTaskErrorKey=LocalDataTask <250D7C7A-A090-41F1-8FED-E73FCB511F41>.<1>, _NSURLErrorRelatedURLSessionTaskErrorKey=(
"LocalDataTask <250D7C7A-A090-41F1-8FED-E73FCB511F41>.<1>"
), NSLocalizedDescription=An SSL error has occurred and a secure connection to the server cannot be made., NSErrorFailingURLKey=url, NSUnderlyingError=0x6000021318f0 {Error Domain=kCFErrorDomainCFNetwork Code=-1200 "(null)" UserInfo={_kCFStreamPropertySSLClientCertificateState=0, _kCFNetworkCFStreamSSLErrorOriginalValue=-9836, _kCFStreamErrorDomainKey=3, _kCFStreamErrorCodeKey=-9836, _NSURLErrorNWPathKey=satisfied (Path is satisfied), viable, interface: lo0}}, _kCFStreamErrorCodeKey=-9836}
---
======================================
nsurl --ats-diagnostic show me another error code -9836 and like I know TLSv1.3 not necessary yet
Maybe someone can give some suggestions, any help !! :pray:
Thx!
Post
Replies
Boosts
Views
Activity
We have crash on iOS 11 when update Xcode to newest version
Before we have deployment target iOS 10, but Xcode 14 start only iOS 11 and higher
We update deployment target to iOS 11, and it always crashes.
Building iOS projects with deployment targets for the armv7, armv7s, and i386 architectures is no longer supported. (92831716)
Building for deployment to OS releases older than macOS 10.13, iOS 11, tvOS 11, and watchOS 4 is no longer supported. (92834476)
Build Settings
Logs:
ошибка 17:31:53.599495+0300 backboardd iohideventsystem_client_dispatch_properties_changed:0x10004003
ошибка 17:31:54.078986+0300 SpringBoard Unable to get short BSD proc info for 824: No such process
ошибка 17:31:54.200619+0300 symptomsd Attempt to add an app with insufficient id, info {
BKSApplicationStateAppIsFrontmost = 1;
BKSApplicationStateExtensionKey = 0;
SBApplicationStateDisplayIDKey = "com.vizor-apps.MobileFWDemo";
SBApplicationStateKey = 8;
SBApplicationStateProcessIDKey = 824;
SBMostElevatedStateForProcessID = 8;
}
ошибка 17:32:03.703474+0300 backboardd iohideventsystem_client_dispatch_properties_changed:0x10004003
ошибка 17:32:11.034254+0300 backboardd iohideventsystem_client_dispatch_properties_changed:0x10004003
ошибка 17:32:14.480283+0300 parsecd error getting file handle for resource: <private>
ошибка 17:32:14.492496+0300 parsecd error reading app whitelist <private>
ошибка 17:32:21.099704+0300 backboardd iohideventsystem_client_dispatch_properties_changed:0x10004003
ошибка 17:32:35.320318+0300 com.apple.Safari.SafeBrowsing.Service TIC Read Status [1:0x0]: 1:57
ошибка 17:32:35.320676+0300 com.apple.Safari.SafeBrowsing.Service TIC Read Status [1:0x0]: 1:57
Maybe someone have idea what's going on? :pray:
Hi everyone. We try to implement background assets to our project. And and encountered this problem.
When try to send background event from terminal
xcrun backgroundassets-debug --simulate --app-periodic-check -d [DEVICE_ID] -b [APP_BUNDLE_IDENTIFIER]
In console.app in device log we saw this type of logs
Text version :)
Resetting extension runtime for: [APP_BUNDLE_IDENTIFIER]
Application info for ([APP_BUNDLE_IDENTIFIER]) is being updated based on URL:(N/A)
Failed to find represented extension point. (ID:[APP_BUNDLE_IDENTIFIER]
Event (7) dropped for client ([APP_BUNDLE_IDENTIFIER]) failed because the app and extension do not share any application groups.
Tried on Xcode 15, iOS 17.0.2, MacOS 14
App Info.plist (in yml style)
---- part
<key>app-group</key>
<string>group.com.*******.MobileFWDemo</string>
<key>app-group-asset</key>
<string>group.com.*******.BackgroundAsset.Container</string>
<key>BAInitialDownloadRestrictions</key>
<dict>
<key>BADownloadAllowance</key>
<integer>1610612736</integer>
<key>BADownloadDomainAllowList</key>
<array>
<string>devstreaming-cdn.apple.com</string>
<string>developer.apple.com</string>
<string>http://example.com/</string>
<string>https://www.learningcontainer.com/</string>
<string>https://file-examples.com</string>
</array>
<key>BAEssentialDownloadAllowance</key>
<integer>1073741824</integer>
</dict>
<key>BAManifestURL</key>
<string>https://developer.apple.com/sample-code/background-assets/SessionsManifest.plist</string>
<key>BAMaxInstallSize</key>
<string>1610612736</string>
----- part
In BAExtension info.plist
<dict>
<key>app-group</key>
<string>group.com.*******.MobileFWDemo</string>
<key>app-group-asset</key>
<string>group.com.*******.BackgroundAsset.Container</string>
<key>EXAppExtensionAttributes</key>
<dict>
<key>EXExtensionPointIdentifier</key>
<string>com.apple.background-asset-downloader-extension</string>
<key>EXPrincipalClass</key>
<string>BackgroundDownloadHandler</string>
</dict>
</dict>
App Entitlement
<dict>
<key>aps-environment</key>
<string>development</string>
<key>com.apple.developer.applesignin</key>
<array>
<string>Default</string>
</array>
<key>com.apple.developer.associated-domains</key>
<array>
<string>applinks:******.onelink.me</string>
</array>
<key>com.apple.developer.game-center</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.******.BackgroundAsset.Container</string>
<string>group.com.******.MobileFWDemo</string>
</array>
</dict>
Extension Entitlement
<dict>
<key>com.apple.security.application-groups</key>
<array>
<string>group.com.*******.MobileFWDemo</string>
<string>group.com.*******.BackgroundAsset.Container</string>
</array>
</dict>
Method - not called
- (NSSet<BADownload *> *)downloadsForRequest:(BAContentRequest)contentRequest
manifestURL:(NSURL *)manifestURL
extensionInfo:(BAAppExtensionInfo *)extensionInfo
After add Background Asset Extension a new warning appeared in the logs:
Execution of the command buffer was aborted due to an error during execution. Insufficient Permission (to submit GPU work from background) (00000006:kIOGPUCommandBufferCallbackErrorBackgroundExecutionNotPermitted)
Maybe it wiil be connected to my problem.
Could someone help ?)
Xcode 15 supports .xcprivacy extensions, but if we added PrivacyManifest to the project and built the project through Xcode 14.3 with PrivacyManifest already added, Apple Review will see that the project has the PrivacyManifest you need? or how is this supposed to work?
Or should we build the project via Xcode 15+ and only then will it be transferred to you correctly?